I've set up an account for Apache to run as a service with which I've limited filesystem access to as much as I can, but still I'm not happy. As far as I've come is that PHP can list all folder contents down its path, that means that it can list:
C:\
C:\www\
C:\www\*

I wish that there were a way to limit PHP-scripts access on the system by only changing in php.ini. I've tried with the different path-settings such as basedir and userdir (I don't remember the exact names), but I end up with "No input file specified." while browsing the different php-pages.

If You'd like to help me out on this one, then I'd be really greatful for it!

The problem is ruturajv that this would be a shared host -- and he doesnt like that everyone else may have access to the whole server (or harddrive) throught PHP... I am actually a bit confused as this should be any problem due to the read-only rights for PHP on a server outside its root :S

Using those functions anyone can list any folder that the user running Apache can. In this case, it means that people actually can list: C:\ and see (but not enter) for example:
C:\program
C:\winnt
C:\pagefile.sys << they can, however, read this file (if it weren't for the read-lock that the OS has applied to it.)

To add: There is also functions to write files, edit files, delete files, and the Apache-user has some demands on writing to certain folders too - see where I'm going?

How do I lock down users to their own directories, without damaging their scripts (eg. forums)?